#Attaking_Machine
Take a look at http://k2.thm.
There's nothing interesting. It seems a static website.
To enumerate potential subdomains use gobuster.
gobuster vhost -u http://k2.thm -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-110000.txt --append-domain
Next step: XSS